In a blog post, the company admitted one of its own employees' accounts was "compromised" by an attacker, which was used to gain access to several of its internal systems on three separate dates in February and March.

The systems contained usernames and email addresses of both SendGrid employees and customers, but said the passwords were salted and hashed -- a method of scrambling the data to prevent it from being readable to humans.

As the company does not store credit card data, the company said payment data was not taken.

Although the company said there was no forensic evidence to show any data was stolen, the company said it has begun a mass password reset and asked around 600 customers to generate new digital signatures, known as DKIMs.

The hack was first reported earlier this month when the company said a "Bitcoin-related client" was the target of a hack. The New York Times revealed it was used by Coinbase, a virtual currency exchange. The Coinbase account was used to send out phishing emails in bulk, which is said to have ensnared a SendGrid employee's account.

SendGrid's breach is limited compared to recent attacks on Target, Home Depot, or JP Morgan, the company. But it promised that it would improve security, including an "enhanced" two-factor authentication system.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.